Cryptology ePrint Archive: Report 2008/110

On the Design of Secure and Fast Double Block Length Hash Functions

Zheng Gong and Xuejia Lai and Kefei Chen

Abstract: In this work the security of double block length hash functions with
rate 1, which are based on a block cipher with a block length of $n$
bits and a key length of $2n$ bits, is reconsidered.
Counter-examples and new attacks are presented on this general class
of fast double block length hash functions, which reveal unnoticed
flaws in the necessary conditions given by Satoh \textit{et al.} and
Hirose. Preimage and second preimage attacks are presented on
Hirose's two examples which were left as an open problem. Our
synthetic analysis show that all rate-1 hash functions in FDBL-II
are failed to be optimally (second) preimage resistant. The
necessary conditions are refined for ensuring a subclass of hash
functions in FDBL-II to be optimally secure against collision
attacks. In particular, one of Hirose's two examples, which
satisfies our refined conditions, is proven to be indifferentiable
from a random oracle in the ideal cipher model. The security results
are extended to a new class of double block length hash functions
with rate 1, where the key length of one block cipher used in the
compression function is equal to the block length, whereas the other
is doubled.